6-40
RADIUS Authentication, Authorization, and Accounting
Commands Authorization
Displaying Authorization Information
You can show the authorization information by entering this command:
An example of the output is shown.
Figure 6-15. Example of Show Authorization Command
Configuring Commands Authorization on a RADIUS
Server
Using Vendor Specific Attributes (VSAs)
Some RADIUS-based features implemented on HP switches use HP VSAs for
information exchange with the RADIUS server. RADIUS Access-Accept pack-
ets sent to the switch may contain the vendor-specific information.
The list of commands that are permitted (or denied) execution by the user are
called regular expressions. The system compares those regular expressions
against the full command name to determine whether the user is allowed to
execute the command. For example, assume a RADIUS user is defined as
follows:
User1 User-Password = “hpswitch”
Service-Type = Administrative-User,
HP-Command-Exception = 1, # Deny_list
HP-Command-String = “config”
Syntax: show authorization
Configures authorization for controlling access to CLI
commands. When enabled, the switch checks the list of commands
supplied by the RADIUS server during user authentication to
determine if a command entered by the user can be executed.
HP Switch(config)# show authorization
Status and Counters - Authorization Information
Type | Method
-------- + ------
Commands | RADIUS
To Next Page
Loading...
Need help?
General
